1

Is there a way to get the resource id given partial url using rest admin api?

Below is the endpoint I call - http://localhost:8180/auth/realms/quickstart-serv-springboot/authz/protection/resource_set?uri=/wb/customer to fetch the resource id.

I want to know if I can pass wild characters in the query string of uri so that it returns the resource id. e.g. - http://localhost:8180/auth/realms/quickstart-serv-springboot/authz/protection/resource_set?uri=/wb/customer/* or http://localhost:8180/auth/realms/quickstart-serv-springboot/authz/protection/resource_set?uri=/wb/cust* or provide a regex pattern to fetch matching resource ids.

Thx

Cshah
  • 5,612
  • 10
  • 33
  • 37

1 Answers1

5

From source code it seems to work next way:

  1. First Keycloak tries to find an exact match
  2. Then if no match is found and there is parameter "matchingUri=true" it will try to find resources by pattern matching.

I didn't check but would recommend adding "matchingUri=true" to your query and try again.

Also pay attention that complex patterns are not supported. Keycloak Documentation says:

Currently a very basic logic for path matching is supported. Examples of valid paths are:
Wildcards: /*
Suffix: /*.html
Sub-paths: /path/*
Path parameters: /resource/{id}
Exact match: /resource
Patterns: /{version}/resource, /api/{version}/resource, /api/{version}/resource/*
Yuriy P
  • 1,330
  • 9
  • 16
  • Thanks a lot @yuriy-p. Can you point me to the documentation which explains other query params you can use with this rest admin api ? How can one know query params like 'matchingUri'. Can you provide scopes ? Can you get more in the response than just resource_id ? – Cshah Nov 27 '19 at 13:18
  • 1
    Documentation is here [Authorization Services](https://www.keycloak.org/docs/latest/authorization_services/#_service_protection_resources_api). But it doesn't mention about matchingUri. I found out it from the source code of [ResourceSetService](https://github.com/keycloak/keycloak/blob/f426643225337f17f640d43e0f5b236f09d70e9d/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java#L344). Regarding getting more than just id, from code it looks like you should get resource representation (with id, name, uri, etc.) Plus there is deep=true param to get more info. – Yuriy P Nov 28 '19 at 12:57
  • path is not working. only working one wildcard that is "/*". I dont want to that, because I have no 1 resourrce, I have 10+ resource. How should I write resource uris? My resource root url is localhost:8070/api/v1 and resource uris are /company and /customer – withoutOne Sep 27 '22 at 12:25